Am 01.12.2013 14:20, schrieb Markus Wernig: > On Sat Nov 30 13:00:45 CET 2013, Thomas Bruederli wrote: > >> But in terms of architecture, a purely client-side >> encryption/decryption is the preferred and most secure way. > > OK, this depends on which side of the cryptosystem you assume to be more > trustworthy: the server or your browser runtime. Especially javascript > has some major drawbacks when it comes to crypto (just think XSS). See > eg. here for a discussion: > http://www.matasano.com/articles/javascript-cryptography/ > > [...] > So I'd rather stick with a server-side approach, even if it would not > make it into an official release.
Same here. Kind regards, jonas _______________________________________________ Roundcube Development discussion mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/dev
